---
- name: Deploy KVM virtual machines
  ansible.builtin.import_playbook: include/deploy-kvm-guest.yml
  vars:
    myhosts: static

- name: Configure instance
  hosts: static
  user: root
  gather_facts: true

  vars_files:
    - "{{ ansible_private }}/vars.yml"

  roles:
    - base
    - role: keytab
      keytab_principals:
        - "host/{{ inventory_hostname }}@FOO.SH"
        - "nfs/{{ inventory_hostname }}@FOO.SH"
    - nfs_client
    - sssd
    - autofs
    - apache

  tasks:
    - name: Allow apache to access nfs mounts from selinux
      ansible.posix.seboolean:
        name: httpd_use_nfs
        state: true
        persistent: true

    - name: Share role and home directories to apache
      ansible.builtin.copy:
        dest: /etc/httpd/conf.local.d/public_html.conf
        content: |
          UserDir enabled
          UserDir public_html
          <Directory "/home/*/public_html">
            Options SymLinksIfOwnerMatch IncludesNoExec Indexes MultiViews
            AllowOverride AuthConfig FileInfo Indexes Limit
            Require all granted
          </Directory>

          AliasMatch ^/roles/([a-z]*)/(.*) /roles/$1/public/public_html/$2
          <Directory "/roles/*/public/public_html">
            Options FollowSymLinks IncludesNoExec Indexes MultiViews
            AllowOverride AuthConfig FileInfo Indexes Limit
            Require all granted
          </Directory>
        mode: "0644"
        owner: root
        group: "{{ ansible_wheel }}"
      notify: Restart apache